virtualisation/oci-containers: fix podman systemd service name
This commit is contained in:
parent
0b0c68c77d
commit
68710f4064
@ -185,11 +185,9 @@ let
|
|||||||
Refer to the
|
Refer to the
|
||||||
[Docker engine documentation](https://docs.docker.com/engine/network/#published-ports) for full details.
|
[Docker engine documentation](https://docs.docker.com/engine/network/#published-ports) for full details.
|
||||||
'';
|
'';
|
||||||
example = literalExpression ''
|
example = [
|
||||||
[
|
"127.0.0.1:8080:9000"
|
||||||
"127.0.0.1:8080:9000"
|
];
|
||||||
]
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
user = mkOption {
|
user = mkOption {
|
||||||
@ -387,7 +385,9 @@ let
|
|||||||
mkService =
|
mkService =
|
||||||
name: container:
|
name: container:
|
||||||
let
|
let
|
||||||
dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn;
|
dependsOn = lib.attrsets.mapAttrsToList (k: v: "${v.serviceName}.service") (
|
||||||
|
lib.attrsets.getAttrs container.dependsOn cfg.containers
|
||||||
|
);
|
||||||
escapedName = escapeShellArg name;
|
escapedName = escapeShellArg name;
|
||||||
preStartScript = pkgs.writeShellApplication {
|
preStartScript = pkgs.writeShellApplication {
|
||||||
name = "pre-start";
|
name = "pre-start";
|
||||||
@ -539,7 +539,7 @@ let
|
|||||||
Restart = "always";
|
Restart = "always";
|
||||||
}
|
}
|
||||||
// optionalAttrs (cfg.backend == "podman") {
|
// optionalAttrs (cfg.backend == "podman") {
|
||||||
Environment = "PODMAN_SYSTEMD_UNIT=podman-${name}.service";
|
Environment = "PODMAN_SYSTEMD_UNIT=%n";
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
NotifyAccess = "all";
|
NotifyAccess = "all";
|
||||||
Delegate = mkIf (container.podman.sdnotify == "healthy") true;
|
Delegate = mkIf (container.podman.sdnotify == "healthy") true;
|
||||||
|
@ -9,6 +9,8 @@ let
|
|||||||
|
|
||||||
inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
|
inherit (import ../lib/testing-python.nix { inherit system pkgs; }) makeTest;
|
||||||
|
|
||||||
|
serviceName = "nginxtest"; # different on purpose to verify proper systemd unit generation
|
||||||
|
|
||||||
mkOCITest =
|
mkOCITest =
|
||||||
backend:
|
backend:
|
||||||
makeTest {
|
makeTest {
|
||||||
@ -23,6 +25,7 @@ let
|
|||||||
virtualisation.oci-containers = {
|
virtualisation.oci-containers = {
|
||||||
inherit backend;
|
inherit backend;
|
||||||
containers.nginx = {
|
containers.nginx = {
|
||||||
|
inherit serviceName;
|
||||||
image = "nginx-container";
|
image = "nginx-container";
|
||||||
imageStream = pkgs.dockerTools.examples.nginxStream;
|
imageStream = pkgs.dockerTools.examples.nginxStream;
|
||||||
ports = [ "8181:80" ];
|
ports = [ "8181:80" ];
|
||||||
@ -39,7 +42,7 @@ let
|
|||||||
|
|
||||||
# Stop systemd from killing remaining processes if ExecStop script
|
# Stop systemd from killing remaining processes if ExecStop script
|
||||||
# doesn't work, so that proper stopping can be tested.
|
# doesn't work, so that proper stopping can be tested.
|
||||||
systemd.services."${backend}-nginx".serviceConfig.KillSignal = "SIGCONT";
|
systemd.services.${serviceName}.serviceConfig.KillSignal = "SIGCONT";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -47,11 +50,11 @@ let
|
|||||||
import json
|
import json
|
||||||
|
|
||||||
start_all()
|
start_all()
|
||||||
${backend}.wait_for_unit("${backend}-nginx.service")
|
${backend}.wait_for_unit("${serviceName}.service")
|
||||||
${backend}.wait_for_open_port(8181)
|
${backend}.wait_for_open_port(8181)
|
||||||
${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello")
|
${backend}.wait_until_succeeds("curl -f http://localhost:8181 | grep Hello")
|
||||||
output = json.loads(${backend}.succeed("${backend} inspect nginx --format json").strip())[0]
|
output = json.loads(${backend}.succeed("${backend} inspect nginx --format json").strip())[0]
|
||||||
${backend}.succeed("systemctl stop ${backend}-nginx.service", timeout=10)
|
${backend}.succeed("systemctl stop ${serviceName}.service", timeout=10)
|
||||||
assert output['HostConfig']['CapAdd'] == ["CAP_AUDIT_READ"]
|
assert output['HostConfig']['CapAdd'] == ["CAP_AUDIT_READ"]
|
||||||
assert output['HostConfig']['CapDrop'] == ${
|
assert output['HostConfig']['CapDrop'] == ${
|
||||||
if backend == "docker" then "[\"CAP_AUDIT_WRITE\"]" else "[]"
|
if backend == "docker" then "[\"CAP_AUDIT_WRITE\"]" else "[]"
|
||||||
@ -60,6 +63,9 @@ let
|
|||||||
assert output['HostConfig']['Devices'] == [{'PathOnHost': '/dev/random', 'PathInContainer': '/dev/random', 'CgroupPermissions': '${
|
assert output['HostConfig']['Devices'] == [{'PathOnHost': '/dev/random', 'PathInContainer': '/dev/random', 'CgroupPermissions': '${
|
||||||
if backend == "docker" then "rwm" else ""
|
if backend == "docker" then "rwm" else ""
|
||||||
}'}]
|
}'}]
|
||||||
|
''
|
||||||
|
+ lib.strings.optionalString (backend == "podman") ''
|
||||||
|
assert output['Config']['Labels']['PODMAN_SYSTEMD_UNIT'] == '${serviceName}.service'
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user